diff --git a/dist/llm.js b/dist/llm.js index a571b02..db8d001 100644 --- a/dist/llm.js +++ b/dist/llm.js @@ -12,9 +12,23 @@ const uuid_1 = require("uuid"); // --------------------------------------------------------------------------- let _cachedToken = ''; let _tokenExpiry = 0; -const _googleAuth = new google_auth_library_1.GoogleAuth({ - scopes: ['https://www.googleapis.com/auth/cloud-platform'] -}); +// Prefer an explicit JSON key (set as env var in Coolify) over the metadata server. +// This avoids the "insufficient scope" error that occurs when the VM's service +// account was created without the cloud-platform scope. +function buildGoogleAuth() { + const jsonKey = process.env.GOOGLE_APPLICATION_CREDENTIALS_JSON; + if (jsonKey) { + try { + const credentials = JSON.parse(jsonKey); + return new google_auth_library_1.GoogleAuth({ credentials, scopes: ['https://www.googleapis.com/auth/cloud-platform'] }); + } + catch { + console.warn('[llm] GOOGLE_APPLICATION_CREDENTIALS_JSON is set but failed to parse — falling back to metadata server'); + } + } + return new google_auth_library_1.GoogleAuth({ scopes: ['https://www.googleapis.com/auth/cloud-platform'] }); +} +const _googleAuth = buildGoogleAuth(); async function getVertexToken() { const now = Date.now(); if (_cachedToken && now < _tokenExpiry) diff --git a/src/llm.ts b/src/llm.ts index 860d5dc..ba45f71 100644 --- a/src/llm.ts +++ b/src/llm.ts @@ -70,9 +70,23 @@ export interface LLMClient { let _cachedToken = ''; let _tokenExpiry = 0; -const _googleAuth = new GoogleAuth({ - scopes: ['https://www.googleapis.com/auth/cloud-platform'] -}); +// Prefer an explicit JSON key (set as env var in Coolify) over the metadata server. +// This avoids the "insufficient scope" error that occurs when the VM's service +// account was created without the cloud-platform scope. +function buildGoogleAuth(): GoogleAuth { + const jsonKey = process.env.GOOGLE_APPLICATION_CREDENTIALS_JSON; + if (jsonKey) { + try { + const credentials = JSON.parse(jsonKey); + return new GoogleAuth({ credentials, scopes: ['https://www.googleapis.com/auth/cloud-platform'] }); + } catch { + console.warn('[llm] GOOGLE_APPLICATION_CREDENTIALS_JSON is set but failed to parse — falling back to metadata server'); + } + } + return new GoogleAuth({ scopes: ['https://www.googleapis.com/auth/cloud-platform'] }); +} + +const _googleAuth = buildGoogleAuth(); async function getVertexToken(): Promise { const now = Date.now();